Apache CouchDB 2.0.0 Local Privilege Escalation

Discussion in 'News Aggregator' started by Packet Storm, 6 Dec 2016.

  1. Packet Storm

    Packet Storm Guest

    Apache CouchDB sets weak file permissions, potentially allowing 'Standard' Windows users to elevate privileges. The "nssm.exe" (Apache CouchDB) executable can be replaced by a 'Standard' non-administrator user, allowing them to add a backdoor Administrator account once the "Apache CouchDB" service is restarted or the system is rebooted. As Apache CouchDB runs as LOCALSYSTEM, standard users can now execute arbitrary code with the privileges of SYSTEM. Version 2.0.0 is affected.

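A defender's check for the condition the post describes, as an added example that is not part of the original post or the advisory: it resolves the executable behind the "Apache CouchDB" service and lists ACL entries granting write-type rights to anyone other than SYSTEM, Administrators and TrustedInstaller. The trusted-SID list and the function names are assumptions of this example.

```powershell
# Added example (not from the advisory): flag ACL entries that let a
# non-administrative principal replace a service's executable.
$ServiceName = 'Apache CouchDB'   # service name as given in the post

# Principals expected to hold write access, by SID so it works on any locale.
$trusted = @(
    'S-1-5-18',        # LocalSystem
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
# Rights that allow replacing or re-permissioning a file. Modify and
# FullControl contain these bits, so they match as well.
$risky = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$generic = 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

function Get-ServiceBinaryPath([string]$Name) {
    $svc = Get-CimInstance Win32_Service -Filter "Name='$Name' OR DisplayName='$Name'" |
        Select-Object -First 1
    if (-not $svc) { throw "Service '$Name' not found" }
    # PathName may be quoted and may carry arguments after the executable.
    if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(.+?\.exe)') {
        return $Matches[1]
    }
    throw "Cannot parse PathName: $($svc.PathName)"
}

function Get-WeakAce([string]$Path) {
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to children, not to this object.
        if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        $bits = [int]$ace.FileSystemRights
        if (($bits -band [int]$risky) -or ($bits -band $generic)) {
            [pscustomobject]@{ Path = $Path; Sid = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
        }
    }
}

$exe = Get-ServiceBinaryPath $ServiceName
# A writable parent directory allows replacement just as a writable file does.
$findings = @(Get-WeakAce $exe) + @(Get-WeakAce (Split-Path -Parent $exe))
if ($findings) { $findings | Format-Table -AutoSize } else { "No weak ACEs on $exe or its directory" }
```

Any row whose SID resolves to Users, Authenticated Users or Everyone means the service binary can be swapped by a standard account and the ACL should be tightened before the service next restarts.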